Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

schwit1 writes "Some European leaders are renewing calls for a 'euro cloud,' in which consumer data could be shared within Europe but not outside the region. Brazil is fast-tracking a vote on a once-dormant bill that could require that data about Brazilians be stored on servers in the country. And India plans to ban government employees from using email services from Google and Yahoo Inc. It is too soon to tell if a major shift is under way. But the Information Technology and Innovation Foundation estimates that fallout from revelations about NSA activities could cost Silicon Valley up to $35 billion in annual revenue, much of it from lost overseas business. A survey conducted this summer by the Cloud Security Alliance, an industry group, found that 56% of non-U.S. members said security concerns made it less likely that they would use U.S.-based cloud services. Ten percent said they had canceled a contract. Even some companies that seek to profit from fears about U.S. snooping acknowledge that law-enforcement agencies in other countries want to catch up with Washington's capabilities. 'In the long run, there won't be any difference between what the U.S. or Germany or France or the U.K. is doing,' says Roberto Valerio, whose German cloud-storage company, CloudSafe GmbH, reports a 25% rise in business since the NSA revelations. 'At the end of the day, some agency will spy on you,' he says."

My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

My cloud plan: servers welded shut and housed in 10000 yurts scattered across Mongolia. Network bandwidth may be a problem at first but I'm having some success in my experiments with ponies carrying micro-SD cards.

Interesting! I would like my prosumer mo-social wireless content delivery strategy to synergize with your thinking-inside-the-box solution, but the interface to my problem space may need realignment to fit the new paradigm. Do you support RFC 1149 [ietf.org] - IP over Carrier Pigeon?

Forbidding providers to put clausules in your contract that don't let you do that, in example. There are places where a dynamic IP is given to full time home connection, to specifically avoid setting fixed IP servers there. Is not mandating to put servers in each home, but not putting an extra cost if a person want to do so. Is not exactly rocket science by now, at least for doing it at personal level.

There is only one little problem: The IP addresses are limited. Of course, if every country does setup their internal network, and if you want to connect to your home computer only while you are not leaving your country, then it will work pretty well. Of course, it means BYE-BYE internet, HELLO intranet, but nevertheless, we are fast going this way....

As much as I hate to encourage ISPs coaxing people to business accounts in this way, I really recommend you check it out.

When I got sick of random ports being blocked (the last straw was blocking inbound 25/TCP (which has nothing to do with stopping spammers)), I changed my account to a business account and it ended up only costing ~10% more for the same speed. In addition to helpful cooperation with things like setting up reverse DNS and an actual SLA (it's not fantastic, but they are now extremely quick a

Industrial espionage is a big concern. It has been known since at least 2001 (when Echelon was widely covered in the press and the European Parliament opened an investigation) that the NSA has intercepted communications among European companies and then handed over business secrets to their American competitors. Even if it wouldn't protect individuals' privacy, the idea is that a European cloud would protect European businesses.

Yeah - no reason to get outraged. The NSA uses our tax dollars to inject weaknesses in applications, encryption techniques, and devices which make it easier to be a victim of identity theft. Worse, after we completed exporting our manufacturing economy during the 80s and 90s in favor of "knowledge jobs", the NSA makes it obvious that doing business with American companies is unwise at best, though moronic is a better descriptor. And if that's not enough, all those aforementioned weaknesses make it easier

Yea, we had to have a special network connection through the American Embassy in France so we could exchange e-mail without the French reading the emails. We put it into place when the French would ask about something that was only disclosed in the email.

Germany... is slightly more touchy about issues pertaining to surveillance and the general topic of totalitarianism, for some reason.

Yes, we (the German people) are. No, we (the German government) are not. The later will happily share whatever they acquire with its "friends" in Europe and overseas.

Technically both NSA and BND/Verfassungschutz are not spying on their own people... but if the BND spies on Americans and the NSA spies on Germans and both swap their findings, all laws were respected.

I'm not making this weird shit up, that's actually how our government argued in this affair. Granted the wording they used was of course more not-so-obvious politian-speak. But that's what they said.

I'm an American living in Germany. V for Vendetta is not only correct, but the few people I have spoken to have their fingers in their ears. They complained more about the Americans' secret surveillance watching them rather than about the secret surveillance of the German government watching them. At least they agreed when I politely told them that they should tell their government to stop allowing the Americans to spy on them. They are their own country and didn't have to bow to American whims.

Pretty much. Governments have long recognized that the existence of a decentralized packet-switched network makes spying on its citizens harder. Therefore, their goal is to break the Internet, splitting it off into lots of little regional networks that don't fully talk to one another, requiring companies to store data on their citizens in country-specific servers so that it is easier to keep track of everything that's happening, etc. Government would love to go all the way back to the circuit-switched days of mainframe computing if they could.

This is why we, as citizens of the world, must unite to demand more reasonable policies, starting with laws that fine companies an exorbitant amount of money for sharing information about their citizens with foreign governments without a warrant from the citizens' governments. If Google were hit with a million dollar fine every time it obeyed an NSL without getting a court order from whatever country the target was from, Google would then be forced to sue the federal government to reclaim those damages, forcing the U.S. government to act like a proper player on the world stage instead of a world-class thug that bullies its way into whatever information it wants.

Actually, it is the opposite. I don't know what kind of idiot did make your opinion "Interesting", but you both need some special medical attention.
Or with other words, the more decentralized the network, the harder for any entity to eavesdrop on all of them. Do i really have to prove it? Really???

Your point and my point are not really in conflict; they're just two sides of the same coin. Ultimately, the first goal of government, sadly, is and has always been maintaining and concentrating power. It shouldn't be that way, but it is. Other governments knowing things about your citizens weakens your own government's power, because those other countries could potentially learn some of your country's secrets. (This is particularly true for business communications.) Your own government knowing things about its citizens increases its power, because it gives them information not only about security threats, but also about potential threats to your power. It also gives them ammunition that they can use for blackmail if they need to silence a dissenter. Therefore, the natural tendency is for a government to want to increase its ability to spy on its citizens while decreasing the ability of other governments to do so. I cite as an example the extensive U.S. government surveillance of people involved in the Occupy movement.

Complete global decentralization, which the Internet typically trends towards in the absence of interference, limits the ability of all governments to spy on anyone. This does not meet the above goals. However, regional centralization (such as EU member governments encouraging people to use servers within the EU) in lieu of global centralization decreases the ability of governments to spy on people from other countries/economic communities, while increasing governments' ability to spy on people in their own countries. This is a win-win for European governments; they get the political win of being able to say that they're protecting people from the watchful eye of the nefarious U.S. government, all the while centralizing that data in a location where it is more easily reachable by their own governments through subpoenas and what not.

Europe is already covered by the European data protection directive, recently updated in 2012 and 2013.

The directive, essentially, makes the whole of Europe a data enclave, out of which data can only be passed if it's subject to the same laws as would apply within that enclave.

Third countries is the term used in legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to t

Yes the NSA and GCHQ shaped national spy staff and gave them unaffordable tech gifts and long term support.
Generations have passed. Most 'top' staff in most European intelligence agencies would really, really enjoy their visits to see the 'future' in the US.
Many nations entire 'new' telco systems are just regional hubs to track dissent and mirror off all data to the US/UK.

The commercial interests, big commercial interests are negatively affected by this spying. It's going to hit some bottom lines big time pretty soon. If we're to believe in the strong arm of lobbying, domestic spying should end any day now, right? Riiight:)

Then why Google has a special team for dealing with this "non-existent" lost business? And Microsoft too? And Amazon too? And Yahoo too?
I KNOW, i know, they are stupid, not so smart as you are (or more likely, you think you are...)

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

Before all this, people didn't even think about creating a real competitor for Google or Amazon. Now we can expect some real options for these services soon. This is good news for everyone, thank you USA!

Working for a Europe-based Dropbox competitor, we have seen a truly massive increase in interest and sales after the NSA revelations.

That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

Avoiding US-based services is nothing more than a bunch of political bullshit. If you're worried about the security of your data, the solution is not to stop using US-based services, the solution is to stop using cloud services in general and run things yourself. Shifting a data center from one country you di

The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown.

I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

The big difference is...if a company is based in the USA the NSA can ask for practically anything, backdoors, etc and that company has to comply or shutdown.
I do not think this is true for a company say for example based in Portugal (or Andora, or some other EU country which is not big on spying), there is perhaps no such legal framework forcing companies to insert backdoors.

This is true. We only have to give up customer data when handed specific official court orders (specific for the customer and case in question). It might be hard for Americans to believe after all their NSA revelations, but our law enforcement simply don't have similar blanket powers to request access without going through due process. We actually give customers a guarantee on this, and this guarantee is not written in a clever way to give NSA type loopholes.

That's because people are idiots. Not only would a European-based competitor NOT prevent the NSA and GCHQ from getting at your data, it's not going to prevent any other agency from getting at it either.

I think that's a bold claim. Remember that when GCHQ wanted to spy on phone calls from the Middle East, they didn't do it by serving Belgacom with some dubious order from a bogus court. No such courts exist in Europe, at least as far as I know. They did it by hacking Belgacom directly and then they got caught

I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.
Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

I'm glad that someone is attempting to quantify this. As someone who works in sales for hosted services, I saw this trend emerge virtually overnight with the Snowden leaks - the complete erosion of trust for any service hosted in the U.S., even if the actual, measurable impact to date any of my customers of being spied upon is exactly nil.

Now if only someone would compare the impact to the NSA's operating budget and draw some lines, things might get better. I've been called an optimist before, however.

"Actual" and "measurable" are two different things. The simple truth is we don't really know the extent of what the NSA is up to or whom they're sharing this data with. Already there have been calls for this treasure trove of private information to be "shared" with private companies so they can "help out" in the fight against terrorism. And the fact that these organizations have the guts to publicly lobby for such access says to me that likely somebody somewhere in private industry already has access to some or all of it through "connections" and now wants this sharing legalized so their access to that knowledge can be leveraged for greater financial gain out in the open, in front of stockholders.

The fact that we don't know just makes it worse. We have to assume that the entire US and everything in it is compromised.

For the moment, I'd say that is a wise assumption. If I were a non-US corporation or person I'd be assuming the exact same thing. Until there is a full, detailed accounting--of the uncomfortable "truth commission" variety--all but the staunchest pro-authoritarian Americans will believe it anyway, so there's no sense delaying what absolutely has to happen.

It may yet be that the capitalist interests that the NSA are damaging might in the long-run have to expend considerable lobbying dollars to reverse some of this perception by drastically reining in the NSA. Or we can write-off a good chunk of the money we'd have otherwise made by innovating online.

My guess would be a ~1970's Soviet or late ~1970's South Africa timeline. Time for some good sockpuppets, world events, self printed cash flow and theatrics to win the world back to the big brands.
Still time and the smart contractors have some really great ideas.
The US still has time to offer 'free', charm and totally effortless connectivity to 'everybody' for a while longer.
The real fun starts when the use of 'free' web 2.0 services becomes useless as its flooded with fun, recreation, hobbies, sport

First we rid ourselves of manufacturing to become a country of services and intellectual property. Then we destroy the reputation of our services by spying on everyone who uses them. Good job government. Good job.

I just hope that the other countries realize that all the intellectual property agreements with US worths nothing in the actual situation, NSA are free to roam their internal networks and private mails, steal any intellectual property they want to give to big corporations to patent/copyright them so the original inventors don't have it, anywhere.

So no manufacturing, no services, and no intellectual property. Just a big bully sitting there.

The NSA was not balancing anything. They are a rogue agency operating outside of the law and outside of meaningful oversight. Snowden is a patriot and a hero for exposing the criminals at the NSA for what they are. The NSA does not make America safer or more competitive at business. It's a liability to our freedom, our safety, and our economic security.

Yeah, we must jail the witnesses and leave free the assassins so they keep killing. You are sure that you won't be the next target, no? Or is just too deep into the culture to be too big to jail [rollingstone.com]?

We may or may not have ever had any real privacy online, and only the naive would post revealing/personal/sensitive things anywhere online, but all along most folks have assumed that it would be WRONG for anyone to spy on your online business without warrants. And it most certainly fucking IS.

And here's the big-ass BUT, really, DARPA built the Internet. Someone has been spying on some of it all along, most certainly. BUT the level it has risen to with the holy excuse of THA TURRISTS is unexcusable. The Snowden Shaming was long overdue.

Wasn't internet designed around the idea to route around damage? Places where spying on everybody and his sister is the norm certainly looks like something to be avoided. But then again, we don't want the terrorists to win. Right?

Wasn't internet designed around the idea to route around damage? Places where spying on everybody and his sister is the norm certainly looks like something to be avoided. But then again, we don't want the terrorists to win. Right?

Terrorism won. The terrorist took on the Big USA, claimed they weren't the "good guys" that they claimed to be. Come a decade later, we got Snowden showing exactly how much of dicks the USA Government really is, and that the terrorist aren't the big threat, but that the USA Government is the big threat. The one causing TERROR in the world.

US citizens outraged their Constititional Rights are being trampled on enough to end nsa spying on them? Nope. Mega corporations losing revenue because of nsa spying? That nsa spying needs to end immediately.

I expect a surge in client side cryptography, where servers store encrypted data and the keys never leave the client. This can't suit every application but it could be a good selling point for a while. Most of it will be done in JavaScript for convenience, even if it's not a good idea [matasano.com]. Mega is just an entry level example of what can go wrong. Some "real" client application (mobile or desktop) will be developed, I wonder if they'll get mainstream. Anyway that only raises the bar for whoever wants to spy on u

Yes. But some countries do so only to maintain their domestic security. That's not always good, but I can deal with it. What many people don't like is losing their privacy in the name of propping up the US' good old boy commercial interests. And getting pulled into every global military dick swinging contest.

Yes and you can be sure that most governments are already spying on their own people. The point of using non-US cloud services is to limit the amount of eyes on your data. If your company is based outside of the U.S., your government is likely keeping their own tabs on internet traffic - maybe not to the same extent as the NSA, but it's likely happening nonetheless. Then, if you use U.S.-based cloud services, you have to worry about the U.S. government having access to that data as well. By using a provider in your own country, you limit the number of parties available to snoop on that data to the company offering the cloud services and your local government.

I take anytime a government spying in their own people over a government spying and controlling other countries people, sometimes even is a reaction for their own protection, to avoid the dangers implied of other government controlling your own people. Also, using Russia, China and a few more as all the 200+ governments is a good generalization to support that it must be good because others do it, there are thousands of people that steal, so everyone steals, so is ok that you do it, no?

I take anytime a government spying in their own people over a government spying and controlling other countries people, sometimes even is a reaction for their own protection, to avoid the dangers implied of other government controlling your own people. Also, using Russia, China and a few more as all the 200+ governments is a good generalization to support that it must be good because others do it, there are thousands of people that steal, so everyone steals, so is ok that you do it, no?

The difference is that if China has Total Information Awareness about you and you live in the US, their direct control over you is necessarily limited. The FBI, DHS, et. al. are all ultimately branches of the US Federal Government, which in turn has a lot of control in both carrot and stick forms over state and local government agencies. China cannot sic the FBI on you. The NSA on the other hand...

Regarding alternative OS, it won't matter. Who says Intel, AMD, ARM, nVidia, RealTek and all other hardware manufacturers haven't already included backdoors into their firmwares and hardware design to please the NSA? There was an article [heise.de] recently in the German magazine C't about possible backdoors in Intel's Active Management's Technology (AMT). Even if turns out to be a hoax, for now, who knows what lays dormant in such firmware, waiting to be tapped by the NSA?

And be wary of binary software distributed to you. Even if it's personally signed by someone you trust (and you trust the certificate you got), his computer may be compromissed. If it's not signed, well, you've already lost.

Changing your OS or trusting the manufacturer of your processor won't make

Apparently it's not only politicians who are remarkably inept when it comes to technical matters, but many others as well. I think it's safe to say at this point that there is no way to 100% ensure that any data stored "in the cloud" is safe from the prying eyes of the truly motivated.

You want your data to be 100% secure? Then store it off-line. If the FBI, CIA, NSA, DHS, military intelligence, or whoever you care to name really wants to see what's stored on a USB flash drive or hard drive sitting on a shelf in my house (or stored in a safe deposit box, or in a vault somewhere, or buried in the ground in an undisclosed location) then they'll have to come and physically get it.

Like your bank, medical, insurance, mortgage, employment, social security, credit card, Facebook, eBay and Amazon records. Put them on a flash drive buried in your back yard and the NSA has no chance. Good luck with that.

I don't have Facebook anymore because they don't respect my basic right to privacy in the first place, and what makes you think I'm talking about "public records" anyway? I'm talking about data that is private and valuable to you or to your company.

So now that the veil has been pulled back, when do we all realize that the next logical conclusion as citizens globally is to exit the stock market en masse? Any notion remaining that it was a fair game have been squashed - if NSA staff and contractors can monitor exes and lovers for months without effective oversight, imagine the financial incentive to do the same to C level execs?

Holy hell, William Gibson's Virtual Light [goodreads.com] is coming true! At least we don't have to worry until we see the middle class vanish and the rise of Christians who worship exclusively by watching television.

Sure every country has a spy group. But every country does not have the SAME spy group. My search engine is in Europe. My e-mail is in Russia. My web site is in Thailand. You think the KGB is going to share data with the NSA? No way.

You use various services on the Internet. Get those services from different companies, different countries. If you use Google for everything, then Google knows everything about you, and Google will tell the NSA. Yandex will not tell the NSA; no way; Yandex is in Moscow. Google's business plan is to become an expert on you, and I don't want ANYBODY to be an expert on me. It's not about who you trust, it's about trusting nobody.

Like that's gonna help anything.. You have no certainty the company you are using offshore doesn't have any connections to the NSA or are safe from it (data still has to go from and to those servers)..

No they don't get it back. Anyone who thinks that the minute those governments have access to that amount of data that they won't take a peak is fooling themselves. Welcome to the world we live in today. All through history, those in power always do whatever they can to leverage it. Today it is easier than ever since every single thing about every single person is basically in digital format and can be transported on an item the size of a finger nail. Privacy has all but been completely eroded by irres

The americans were the ones that put the entire world into this. It had some time into making, and still were elected people controlled by the same pupeteers each time. It was pretty clear in previous election that worrying trends were just increase if Obama get reelected, and he did (and people were happy because the "other option" wasnt elected, even if both options would had the same people in control, and there actually were other options, if even were expressely voting for noone).

It's amazing that Americans think the world would have turned out different if they had voted for the other guy... American history must have been a string of electing the wrong guy each and every time then it seems.

The law was written so the President can set "essential" branches or programs that cannot be shut down. For example, the ACA program cannot be shutdown. Given the President's current track record, most secret agencies will be going strong tomorrow morning (though we wont know about it till they knock on the door).